ISR-softwares beat On Demand Scanners

Discussion in 'other software & services' started by ErikAlbert, Sep 29, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sorry but that's not good enough for me and considering my poor knowledge of internet, malwares and security, I prefer to use something stronger and a clean image IS stronger than AV AS HIP or any other security software.

    The scanner message "No threats found" is nothing but a psychological trick to comfort your mind regarding malware, but that doesn't mean your computer is really clean. Try another scanner, maybe it will find another malware that has already been on your computer for months.
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Erik - now I'm confused - I use images, lots of them, and they are all clean. I don't use scanners to comfort myself. I have run numerous different scanners just to see if they can find anything. I just load them up, run them and then reboot, and then they are gone. The point is that either they show nothing or they show something which when checked always turns out to be a false positive.

    So - I don't use scanners for protection. I have clean images as far as I can tell.
    How would you go about deciding whether or not the images were clean ?
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you have clean images, what is the difference between you and me then ?
    Because you still use scanners daily and I don't or what ?

    Maybe there is a difference : I have a clean image, that has never been on-line, except short internet connections,
    while you have an image, that has been on-line constantly and that needs to be scanned regularly.

    I have two kinds of images : clean images (not infected and for restoration only) and daily images (possibly infected)
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    How can you tell if your clean images are really clean?
    That's the 4,500-szlotti question!
    Mrk
     
  5. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Thanks Mrk
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you are missing the point of this thread, so be it. I know what I'm doing and I'm happy with it.
    Why don't you put your pc full of anything, if clean has no value to you anymore. :)
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    Don't take it hard, Erik. Think of this as your dissertation.
    Defend your subject. Show us the reasons why. Teach us.

    If you know what you're doing, then you know why you are not infected - in which case, I believe everyone would like to know how to achieve the same level of productivity and safety.

    But if you merely think you're not infected - while you think your daily habits do result in such a result, then you have a fallacy in reasoning.

    And I don't follow the pc comment, full of what and what value?

    Think of this as a pseudo-narcissist intellectual debate.

    Cheers,
    Mrk
     
  8. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    Not much to ISR if while surfing you pick up some or other
    keylogger and then enter pins/passwords in banking sites.
    (Anti-Keylogger might help).
    Seems to be good only for casual surfing, or testing by
    deliberately seeking infections.
    Nothing can be taken for granted. I still prefer restoring images
    from another drive, but may be missing something due to my
    'very average user' handicap. :)
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    There is no point of discussing this any further, because you even consider legit softwares as full of spyware, including Windows Installation CD.
    In that case nothing is clean anymore, in other words you can never have a clean computer anymore, not even from the beginning and that closes the discussion. :)
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    I did not say everything is full of spyware, I gave you a few examples of legitimate companies, who have or are operating for a number of years, although their practices are far from fair.

    Second, there is a way of using completely clean stuff - called Linux, but this is another topic for another thread.

    All I have asked is that you tell me how do you differentiate between legit and non-legit, infected software. If the answer is - the name, then so be it. If MS = trust is enough for you, well that's an acceptable answer.

    Although I do think there are other practices, but that's beside the point now.

    Cheers,
    Mrk
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Even when I have 10 keyloggers on my computer, they are worthless, because my bank changes the password constantly.
    The on-line thief needs :
    - my bankcard number
    - my bankcard reader (hardware device without any connection)
    - my bankcard pin number
    to get a one-time password. How is the thief able to get all this ?
    If the keylogger sends my password to the thief, it's already TOO LATE, because it has been replaced by another one.
    Once I'm in, each money transfer has to be signed with the same method and another password.
    Very irritating, but very safe too, that's why I hardly log in anymore.
     
    Last edited: Oct 1, 2007
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik

    I think the point, and it is a valid one, that Mrk is making, is that we assume (I know I do) that if we get software from a source we trust that it is clean. Most of the time it is indeed so, but there have been a few occasions where a trusted company has slipped up and had stuff that was infected, that they sent out by mistake.

    So Mrk's question, of how do you know you are clean, is indeed a valid one. Now I would also agree that if you format, and install Windows, and that's your base image, yes it should be clean, but as time goes on, the question might have more bearing.

    I think the point is even though we use tools like virtualization, and ISR, we still need to be alert to the possibility of something creeping in. That's why I add OA and prosecurity to the mix.

    Pete
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Mrkvonic,
    I will put a simple example.

    I have an image of a phone-activated WinXPproSP2 + MS Office 2000 Pro + FDISR, that has never been on-line, when it was created. This is all I need.
    I create also an archive and a Freeze Storage, based on that image.
    Do you consider this as a clean image/archive/freeze storage or not ?

    Each time I reboot, my possibly infected frozen on-line snapshot is replaced with my clean freeze storage automatically.
    Am I infected or not AFTER each reboot ?

    That is the basic principle, I only have more legitimate softwares on my computer, than MS Office and FDISR.
     
    Last edited: Oct 1, 2007
  14. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    If they don't value your money as their own, run away.
    LOL, if that was the case we'd all have our money under the mattress,............. but that's a whole other topic.
     
  15. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    I wonder, like you, what the real value of FDISR is. I am not saying it is not a very good program, but I rely on ATI and take regular images and insert notes in the image so that I have record of what I might have installed. If I install a goofy program then I can track back. I use incremental images and from time to time create a fresh one that I again increment. I have some very early images of a basic install that I can revert to clean up the system. I cannot see that this is any different to FDISR although it might take a few more minutes to restore. I think $69 is a lot to pay it alongside ATI.

    I know ATI can be unreliable but so far has not let me down, and that is all anyone can say of a program. However I may be missing something.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is not about good or bad ISR-softwares or good or bad Image Back softwares.
    All softwares SUCK, but some softwares SUCK more than others.
     
  17. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Been reading the posts and yes, you should be clean as long as the source CD was not messed with before you had gotten the disc and created that clean image. However it's always good to have some security program that is able to detect low level access to your HD. Example: Julie Lau's sector editor v1.5, a very powerful tool that can wipe your whole HD if you're not careful, pretty sure they got malware out there with this tool's ability, even can protect itself in the clusters of your HD and sit dormant immune to low level wipes, it sits there waiting detection of an active OS be it from your clean snap shot or clean restore, once detected it activates itself again, crazy animal. Do I have samples? No, I don't, but awareness is a bit crazy, I like to think that things you're not aware of in some sense don't exist simply because you're not aware of it, when actually they do exist, it's just a matter of the level of your awareness.
     
  18. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I have both, neither has let me down yet, the odds of both letting me down at the same time are likely less than either one on its own letting me down. Time is money so I consider it an investment, and it is tax deductible ;)
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't use scanners daily - never said I did. I said that I have run scanners to see if they can pick anything up. What's the difference between you and me? If I'm not mistaken - and I may be - you run some real time programs AS, AV, Hips? And I don't.

    My clean images do not need to be scanned regularly. For every machine I have a non internet activated base image. For daily purposes I use DeepFreeze 6 or Returnil to return the machine to its previous state. Sorry if my posts ever gave the impression that I regularly use either on demand scanning or real time.

    I can see no way to be sure that I am clean - nor can you it seems. I therefore no longer try. Every so often someone says that a certain program is really great and I try it just for fun. On one machine, for example, I ran prosecurity. Watching paint dry would have been both more interesting and more useful and yet I would say that of its type prosecurity is a good program - just has no value for me
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Do you think my vendor, who gave me this CD, is going to mess up this CD intentionally to pester me and his other customers? How big is that chance ? I have a lot more unreal stories than this.
    How do you verify downloaded installation files of legitimate softwares ? I hope not with scanners.
     
  21. Dogbiscuit

    Dogbiscuit Guest

    Not so crazy: The software designed to phone home when a laptop is stolen is similarly difficult for most people to remove. Even a re-formatting, etc. will not typically delete or disable it. But in this case, who would want to remove it?
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Apple ships infected iPods
    Multi-engine scanners (Virustotal, Jotti), checksums and/or digital signatures.
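
The checksum option mentioned above, as an added example (not part of the original post or of any tool named in the thread): it checks files against a sha256sum-style manifest, which applies both to a downloaded installer whose vendor publishes hashes and to a stored base image hashed when it was created. File names and contents are constructed; a matching hash shows the file is unchanged since the manifest was written, not that it was clean at that time.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte image never has to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style 'HEX  filename' lines into {filename: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hex_digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode
        if len(hex_digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(hex_digest)  # raises ValueError on non-hex characters
        expected[name] = hex_digest.lower()
    return expected

def verify(directory, manifest_text):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} per manifest entry."""
    results = {}
    for name, want in parse_manifest(manifest_text).items():
        path = Path(directory, name)
        if not path.is_file():
            results[name] = "MISSING"
        else:
            same = hmac.compare_digest(sha256_file(path), want)
            results[name] = "OK" if same else "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one altered later, one absent."""
    with tempfile.TemporaryDirectory() as d:
        manifest = "0" * 64 + "  missing.iso\n"
        for name in ("setup.exe", "base.img"):
            Path(d, name).write_bytes(name.encode())  # placeholder content
            manifest += f"{sha256_file(Path(d, name))}  {name}\n"
        Path(d, "base.img").write_bytes(b"changed after hashing")
        return verify(d, manifest)
```

The manifest itself has to come from somewhere the file's source cannot alter, such as a vendor page fetched separately or offline media kept with the base image.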
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    David

    Post this question as a new thread in the leapfrog forum and I will answer it.

    Pete
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Finally! I'm not the only one who realizes that. And that is why Windows has been inventoried and studied from one end and down the other since release.

    AFAIK, even the Win Install CD "can" contain corrupt code :D But that's not important, what is important is AFTER installing w/CD and then proceeding to pull all the useless and potential threatening crap off from the disk, THEN you have a "Clean" windows in which to begin securing and archiving with in our case FD-ISR + Imaging Program :thumb:

    I don't want to make too much of it but scanners can be considered absolutely obsolete where ISR Programs are employed, at least in the case of FD-ISR's feature of archiving snapshots. I don't use FreezeStorage.arx feature but that doesn't mean anything, it can & does contribute greatly in preserving a clean system AFTER flushing or reboot. It's the classic Copy/Update to snapshot, something like virtualization only this way it auto-manually/electronically replaces anything not matching the SOURCE!

    Provided this routine is not interrupted, it makes scanners redundant IMO, much more so than HIPS + Sandboxing + Shadowing. And then even more so with Images..........

    Looks like it boils down to what does a user trust most from real experiences?
     
  25. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    Never have blind faith in anything being installed.

    Testing and evaluation of the source install which you are intending to make an image is a good start.

    In the environment I am in, all software (and data) which goes on our servers is tested, regardless of being written in-house (and tested separately) or purchased 3rd party, as mistakes happen, unknown bugs can be found, configuration issues occur that create risks.

    Apply a bit of common sense in this case in creating the "clean"-image, test everything, run virus scanners, malware scanners, check configuration settings, additional drivers etc, run and check for stability over a chosen period of time and IMHO this will be as good as needed.

    Another common sense thing to do is never use cutting edge software on an image, I always make sure that everything is the last known stable version (eg not installing the latest release of pigeon which seems to get patched every week !).

    Tried and tested is what you need to create a base image, you can always go and create ancillary images which are more up to date, but you need to make sure you have at least one trustworthy image.
     